Recommended: Common Uses of the netstat Command on Linux


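Introduction to netstat

netstat is a command-line tool that lists all network socket connections on a system, including TCP, UDP and UNIX sockets; it can also list sockets in the listening state (that is, waiting for incoming requests). If you want to confirm whether the web service on a system is up, you can check whether port 80 is open. These capabilities make netstat an essential tool for network and system administrators.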

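Syntax:

  -a or --all   Show all sockets (listening and non-listening).
  -A<family> or --<family>   List the addresses of connections for the given address family.
  -c or --continuous   Print the network status continuously.
  -C or --cache   Show the routing cache information.
  -e or --extend   Show additional network information.
  -F or --fib   Show the FIB.
  -g or --groups   Show multicast group memberships.
  -h or --help   Show help.
  -i or --interfaces   Show the network interface table.
  -l or --listening   Show listening server sockets.
  -M or --masquerade   Show masqueraded connections.
  -n or --numeric   Show numeric IP addresses instead of resolving names.
  -N or --netlink or --symbolic   Show the symbolic link names of network hardware devices.
  -o or --timers   Show timers.
  -p or --programs   Show the PID and name of the program using each socket.
  -r or --route   Show the routing table.
  -s or --statistics   Show a table of network statistics.
  -t or --tcp   Show TCP connections.
  -u or --udp   Show UDP connections.
  -v or --verbose   Verbose output: show what the command is doing.
  -V or --version   Show version information.
  -w or --raw   Show RAW connections.
  -x or --unix   Same effect as specifying "-A unix".
  --ip or --inet   Same effect as specifying "-A inet".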

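Usage examples

Below are several ways of using netstat that come up often in day-to-day work.

1. Listing port status

netstat -a: list all connections for all sockets over tcp, udp and unix
netstat -at: list all tcp ports
netstat -au: list all udp ports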

[root@Labhost1 ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 *:6379                      *:*                         LISTEN      
tcp        0      0 *:ssh                       *:*                         LISTEN      
tcp        0      0 10.0.3.23:ssh      10.0.3.5:55734              ESTABLISHED 
tcp        0      0 *:6379                      *:*                         LISTEN      
tcp        0      0 *:ssh                       *:*                         LISTEN      
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     6564   @/com/ubuntu/upstart
unix  2      [ ]         DGRAM                    6707   @/org/kernel/udev/udevd
unix  2      [ ACC ]     STREAM     LISTENING     7696   /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     7759   /var/run/acpid.socket
unix  4      [ ]         DGRAM                    7667   /dev/log
unix  2      [ ]         DGRAM                    115905 
unix  2      [ ]         DGRAM                    7761   
unix  3      [ ]         STREAM     CONNECTED     7708   /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     7707   
unix  3      [ ]         STREAM     CONNECTED     7701   
unix  3      [ ]         STREAM     CONNECTED     7700   
unix  3      [ ]         DGRAM                    6723   
unix  3      [ ]         DGRAM                    6722   
[root@Labhost1 ~]# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 *:6379                      *:*                         LISTEN      
tcp        0      0 *:ssh                       *:*                         LISTEN      
tcp        0     48 10.0.3.23:ssh      10.0.3.5:55734              ESTABLISHED 
tcp        0      0 *:6379                      *:*                         LISTEN      
tcp        0      0 *:ssh                       *:*                         LISTEN      
[root@Labhost1 ~]# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
[root@Labhost1 ~]#

netstat -l: list all sockets in the listening state
netstat -lt: list all tcp ports in the listening state
netstat -lu: list all udp ports in the listening state

[root@Labhost1 ~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 *:6379                      *:*                         LISTEN      
tcp        0      0 *:ssh                       *:*                         LISTEN      
tcp        0      0 *:6379                      *:*                         LISTEN      
tcp        0      0 *:ssh                       *:*                         LISTEN      
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     6564   @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     7696   /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     7759   /var/run/acpid.socket
[root@Labhost1 ~]# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 *:6379                      *:*                         LISTEN      
tcp        0      0 *:ssh                       *:*                         LISTEN      
tcp        0      0 *:6379                      *:*                         LISTEN      
tcp        0      0 *:ssh                       *:*                         LISTEN      
[root@Labhost1 ~]# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State

2. Printing statistics

netstat -s: show statistics for all ports
netstat -st: show statistics for all tcp ports
netstat -su: show statistics for all udp ports

[root@Labhost1 ~]# netstat -s
Ip:
    9294103 total packets received
    73 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    9061117 incoming packets delivered
    7007558 requests sent out
Icmp:
    195 ICMP messages received
    13 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 13
        redirects: 164
        echo requests: 15
        echo replies: 3
    43 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 25
        echo request: 3
        echo replies: 15
IcmpMsg:
        InType0: 3
        InType3: 13
        InType5: 164
        InType8: 15
        OutType0: 15
        OutType3: 25
        OutType8: 3
Tcp:
    46 active connections openings
    29 passive connection openings
    1 failed connection attempts
    9 connection resets received
    1 connections established
    8629807 segments received
    7007244 segments send out
    141 segments retransmited
    0 bad segments received.
    78023 resets sent
Udp:
    79 packets received
    12 packets to unknown port received.
    0 packet receive errors
    130 packets sent
.................

[root@Labhost1 ~]# netstat -st
IcmpMsg:
    InType0: 3
    InType3: 13
    InType5: 164
    InType8: 15
    OutType0: 15
    OutType3: 25
    OutType8: 3
Tcp:
    46 active connections openings
    29 passive connection openings
    1 failed connection attempts
    9 connection resets received
    1 connections established
    8629841 segments received
    7007264 segments send out
    142 segments retransmited
    0 bad segments received.
    78023 resets sent
UdpLite:
TcpExt:
    2 packets pruned from receive queue because of socket buffer overrun
    44 TCP sockets finished time wait in fast timer
    2367 delayed acks sent
    84 delayed acks further delayed because of locked socket
    Quick ack mode was activated 77 times
    8 packets directly queued to recvmsg prequeue.
    4 packets directly received from prequeue
    6774297 packets header predicted
    29325 acknowledgments not containing data received
    1776532 predicted acknowledgments
    1 times recovered from packet loss due to SACK data
    3 congestion windows recovered after partial ack
    0 TCP data loss events
    1 fast retransmits
    70 other TCP timeouts
    1138 packets collapsed in receive queue due to low socket buffer
    79 DSACKs sent for old packets
    1 DSACKs sent for out of order packets
    7 connections aborted due to timeout
    TCPSackShiftFallback: 7
IpExt:
    InBcastPkts: 431025
    InOctets: 10285747947
    OutOctets: 5258545401
    InBcastOctets: 44528877
[root@Labhost1 ~]# netstat -su
IcmpMsg:
    InType0: 3
    InType3: 13
    InType5: 164
    InType8: 15
    OutType0: 15
    OutType3: 25
    OutType8: 3
Udp:
    79 packets received
    12 packets to unknown port received.
    0 packet receive errors
    130 packets sent
UdpLite:
IpExt:
    InBcastPkts: 431025
    InOctets: 10285748575
    OutOctets: 5258547489
    InBcastOctets: 44528877

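3. Getting the process name, PID and user ID

When looking at port and connection information, being able to see the corresponding process name and PID is very helpful to a system administrator. For example, Apache's httpd service opens port 80; if you want to check whether the http service has started, or whether it was started by apache or nginx, you can look at the process name.

netstat -p: show the PID and process name in the output
netstat -p can be combined with other switches to add "PID/Program name" to the netstat output, which makes it easy during debugging to find the program running on a particular port.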

[root@Labhost1 ~]# netstat -pnt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0     48 10.0.3.23:22                10.0.3.5:57993              ESTABLISHED 3745/sshd

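When using the -p option, netstat must be run with root privileges; otherwise it cannot obtain the names of processes running as root, and many services, including http and ftp, run as root.

Compared with the process name and PID, seeing the owner of the process is even more useful. Use the -ep options to see the process name and the user name together.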

[root@Labhost1 ~]# netstat -lntpe
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       User       Inode      PID/Program name   
tcp        0      0 0.0.0.0:6379                0.0.0.0:*                   LISTEN      501        7879       1096/redis-server * 
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      0          7814       1066/sshd           
tcp        0      0 :::6379                     :::*                        LISTEN      501        7878       1096/redis-server * 
tcp        0      0 :::22                       :::*                        LISTEN      0          7816       1066/sshd

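The command above lists the listening TCP sockets together with process information and some extra information; the extra information includes the user name and the inode number. This command is very useful to network administrators.

Note: if you use the -n and -e options together, the User column shows the user ID rather than the user name.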
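
The following is an added example, not part of the original article: a shell filter over `netstat -lntpe` output that reports which TCP listeners are bound to all interfaces and which UID owns them. The function names `wildcard_listeners` and `sample_listeners` are hypothetical; the sample reuses the four listener rows shown above plus one constructed loopback row.

```shell
#!/bin/sh
# Added example: list TCP listeners bound to every interface, reading
# `netstat -lntpe` output on stdin.
# Output: one line per listener, "<port> <uid> <pid/program>".
wildcard_listeners() {
    awk '
        # Only TCP rows in LISTEN state; this also skips both header lines.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            # The port is whatever follows the last colon (works for :::22).
            port = addr; sub(/.*:/, "", port)
            host = substr(addr, 1, length(addr) - length(port) - 1)
            # 0.0.0.0 (IPv4), :: (IPv6) and * all mean "every interface".
            if (host == "0.0.0.0" || host == "::" || host == "*")
                print port, $7, $9
        }
    ' | sort -n | uniq   # IPv4 and IPv6 rows of one service collapse to one
}

# Sample input: the listener rows from the article plus one constructed
# loopback-only row (127.0.0.1:25, 1200/master) for contrast.
sample_listeners() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   User  Inode  PID/Program name
tcp        0      0 0.0.0.0:6379     0.0.0.0:*        LISTEN  501   7879   1096/redis-server *
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  0     7814   1066/sshd
tcp        0      0 127.0.0.1:25     0.0.0.0:*        LISTEN  0     7900   1200/master
tcp        0      0 :::6379          :::*             LISTEN  501   7878   1096/redis-server *
tcp        0      0 :::22            :::*             LISTEN  0     7816   1066/sshd
EOF
}

sample_listeners | wildcard_listeners
```

On a live host, run `netstat -lntpe | wildcard_listeners` as root so the PID/Program column is filled in for every socket.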

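4. Displaying kernel routing information

Use the -r option to print the kernel routing information. The output is the same as that of the route command. The -n option can also be used to disable name resolution.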

[root@Labhost1 ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.3.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         10.0.3.1        0.0.0.0         UG        0 0          0 eth0

5. Continuous netstat output

[root@Labhost1 ~]# netstat -c   # netstat prints network information every second
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0     48 10.0.3.23:ssh      10.0.3.5:57993              ESTABLISHED 
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    6707   @/org/kernel/udev/udevd
unix  4      [ ]         DGRAM                    7667   /dev/log
unix  2      [ ]         DGRAM                    116410 
unix  2      [ ]         DGRAM                    7761   
unix  3      [ ]         STREAM     CONNECTED     7708   /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     7707   
unix  3      [ ]         STREAM     CONNECTED     7701   
unix  3      [ ]         STREAM     CONNECTED     7700   
unix  3      [ ]         DGRAM                    6723   
unix  3      [ ]         DGRAM                    6722   

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 10.0.3.23:ssh      10.0.3.5:57993              ESTABLISHED 
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    6707   @/org/kernel/udev/udevd
unix  4      [ ]         DGRAM                    7667   /dev/log
unix  2      [ ]         DGRAM                    116410 
unix  2      [ ]         DGRAM                    7761   
unix  3      [ ]         STREAM     CONNECTED     7708   /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     7707   
unix  3      [ ]         STREAM     CONNECTED     7701   
unix  3      [ ]         STREAM     CONNECTED     7700   
unix  3      [ ]         DGRAM                    6723   
unix  3      [ ]         DGRAM                    6722

6. Printing network interfaces

netstat -i: print network interface information

[root@Labhost1 ~]# netstat -i
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0 52030085      0    651      0  7034683      0      0      0 BMRU
lo        16436   0       19      0      0      0       19      0      0      0 LRU

The output above is fairly raw. Combining the -e option with -i gives more user-friendly output.

[root@Labhost1 ~]# netstat -ie
Kernel Interface table
eth0      Link encap:Ethernet  HWaddr 52:54:00:8C:C7:A3  
          inet addr:10.0.3.23  Bcast:10.0.1.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fe8c:c7a3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:52067093 errors:0 dropped:651 overruns:0 frame:0
          TX packets:7034772 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:12260773240 (11.4 GiB)  TX bytes:5357831569 (4.9 GiB)
          Interrupt:11 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:19 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1388 (1.3 KiB)  TX bytes:1388 (1.3 KiB)

The output above is the same as that of ifconfig.

7. Displaying address families the system does not support

[root@Labhost1 ~]# netstat --verbose  # the end of the output contains the following
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

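8. Finding the port a program is running on

Not every process can be found: those you lack permission for are not shown. Use root privileges to see all the information.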

[root@Labhost1 ~]# netstat -anp |grep ssh
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1066/sshd           
tcp        0     48 10.0.3.23:22                10.0.3.5:57993              ESTABLISHED 3745/sshd           
tcp        0      0 :::22                       :::*                        LISTEN      1066/sshd           
unix  2      [ ]         DGRAM                    116410 3745/sshd           
[root@Labhost1 ~]# netstat -an |grep ':6379'
tcp        0      0 0.0.0.0:6379                0.0.0.0:*                   LISTEN      
tcp        0      0 :::6379                     :::*                        LISTEN      

9. IP and TCP analysis: find the IP addresses with the most connections to a service port

[root@Labhost1 ~]# netstat -nat | grep "10.0.3.23:22" |awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -nr|head -20
      1 10.0.3.5

10. Listing the count of each TCP state

[root@Labhost1 ~]# netstat -ant  |awk '{print $6}' |sort | uniq -c
      1 established)
      1 ESTABLISHED
      1 Foreign
      4 LISTEN
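
The following is an added example, not part of the original article, covering the pipelines in sections 9 and 10: it skips the header lines that appear as `established)` and `Foreign` in the counts above, matches the local port exactly, and keeps IPv6 peer addresses intact. The function names and the sample rows (constructed, modelled on the lab host 10.0.3.23) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: summarise `netstat -ant` output read on stdin.

# Count sockets per TCP state, ignoring the two header lines.
tcp_state_counts() {
    awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print n[s], s }' | sort -k2
}

# Count remote addresses connected to one local port: "<count> <address>".
# $1 = local port. The port is compared exactly, so 22 does not match 2222.
top_peers() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            lport = $4; sub(/.*:/, "", lport)
            if (lport != port) next
            # Strip only the trailing :port so IPv6 peers stay whole.
            peer = $5; sub(/:[^:]*$/, "", peer)
            n[peer]++
        }
        END { for (p in n) print n[p], p }
    ' | sort -k1,1nr -k2 | head -20
}

# Constructed sample input (not captured from a real host).
sample_conns() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:2222      0.0.0.0:*         LISTEN
tcp        0     48 10.0.3.23:22      10.0.3.5:57993    ESTABLISHED
tcp        0      0 10.0.3.23:22      10.0.3.5:58010    TIME_WAIT
tcp        0      0 10.0.3.23:22      10.0.3.9:40112    ESTABLISHED
tcp        0      0 10.0.3.23:2222    10.0.3.7:51000    ESTABLISHED
tcp        0      0 :::22             :::*              LISTEN
EOF
}

sample_conns | tcp_state_counts
sample_conns | top_peers 22
```

On a live host, pipe `netstat -ant` into either function, for example `netstat -ant | top_peers 22`.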